Bad internal information security practices can lead to theft of confidential information.

Data collected on customers by companies is continuously increasing. The collected information are sometimes in hard copy format, which can be scanned or copied by employees within the company. Additionally, multiple function network printers in the workplace often have no secure passwords, and employees with access to confidential information can easily send jobs to these printers, making information available in hard copy that can easily be scanned or photocopied by unauthorized employees. Therefore, internal methods of data security are just as important as prevention of external access to information.

"Ignorance is bliss" is a dangerous practice that leads to unauthorized access of private and confidential information. There should be a precise information privacy policy regarding access and use of private and confidential information. Collecting large databases of private and confidential information on customers and securing that information from unauthorized access of only half the solution. Even with layered access to information within the organization, the improper use of technology can still be dangerous. For example, preparing sensitive information for your superiors and printing it on a network printer will allow an employee with unauthorized access to read the information as it is printed. Therefore, a staff that has no method of disposing of confidential information can lead to leakage of this information.

Article:

http://www.infosecurity-magazine.com/view/23982/is-ignorance-bliss-majority-of-employees-dont-know-or-follow-it-security-policies/

Google's new privacy policy

According to reports, Google's new privacy policy being rolled out by March 1 is an act to consolidate services. While this is an economical decision for the company, their services are built around the use of personal information. Users often utilize different sets of services from Google, which can be stored separately in large databases. The consolidation of all services will allow record linking across all databases, enabling one service from Google to track the use of all their services and establish a pattern on use. For example, Google have multiple advertisements displayed on many websites. By linking all its products, Google will be able to track their users' pattern of Internet usage based on the sites accessed, which allows them to identify their users.

However, Google is taking measures to inform their users of potential privacy violations. They are notifying users of this change and providing them ample time to decide whether or not to continue using their services. On the other hand, the lack of similar services and the effort involved in switching services may ultimately result in users accepting potential privacy violations in favor of the convenience provided by Google. This allows Google to control the type of information stored and the pattern of Internet usage from their users. However, Google is a corporate giant and must keep its shareholders' trust; therefore, will ultimately have to make decisions according to the company's interest and not the interest of its users.

These articles are worth the read.

http://www.infosecurity-magazine.com/view/23825/privacy-group-sues-ftc-over-googles-privacy-changes/

http://www.infosecurity-magazine.com/view/23500/googles-revised-privacy-policy-not-sitting-well-with-some

Databases and Privacy Risks

Data is constantly increasing the size of databases. Our personal information is often stored in large databases online; consequently, database mining was one of the main concerns regarding database security in 2011. Personal information mining is a profitable business for cyber criminals; therefore, your personal information in these databases can place you at risk for scams, identity theft, etc.

According to reports, Google's new privacy policy, being rolled out by March 1, is an act to consolidate services. Therefore, all individual services that contained bits and pieces of your personal information will now be link. Given the increases in attempts to gain access to private information you are more at risk with all your information linked. Each service used would see the increase in the information stored on users. This puts us more at risk for scams, identity theft, etc if these databases are not properly secured.

I think these articles are worth the read:

http://www.infosecurity-magazine.com/view/21561/2011-year-of-the-database-hack/

http://www.infosecurity-magazine.com/view/23500/googles-revised-privacy-policy-not-sitting-well-with-some